Bandit Level 17 – 20 [overthewire.org]

Level 17 – 18

To obtain the password to the next level we have to compare two files stored in the home directory: passwords.old and passwords.new. The password we are looking for is the only line that has been changed between the two files. To compare them we can simply use the diff command:

bandit17@bandit:~$ diff passwords.new passwords.old

The command will return 2 values; the first one, which comes from passwords.new, is the password we were looking for.

Level 18 – 19

The password for the next level is stored in the readme file in the home directory. The obstacle in this level is that someone has modified .bashrc to log you out when you try to log in with SSH. The moment we tried to log into level 18 we received the message “Byebye!” and our connection to bandit was closed.

.bashrc is a bash shell script that is executed every time an interactive shell (that is not a login shell) is started.

As we know where the password is stored (home directory, readme file), we can pass a command to ssh to read the file directly, before the host disconnects us.

ssh bandit18@bandit.labs.overthewire.org -p 2220 "cat readme"

Level 19 – 20

To gain access to the next level, we should use the setuid binary file stored in the home directory.

bandit19@bandit:~$ ./bandit20-do
Run a command as another user.
  Example: ./bandit20-do id
bandit19@bandit:~$ ./bandit20-do id
uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) groups=11019(bandit19)
bandit19@bandit:~$ 

We know that the password file is stored in the /etc/bandit_pass directory (file bandit20), however we don’t have permission to open it. Since the binary we just ran reported an euid of bandit20, it hints at the solution: commands started through it run with bandit20's effective user ID, so we can use it to open the file.

bandit19@bandit:~$ ./bandit20-do cat /etc/bandit_pass/bandit20
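
From an administrator's point of view, a wrapper like bandit20-do is something to find and review. The following is an added example, not part of the original write-up: two small audit helpers, one that lists setuid files in a directory with their owner, and one that reads a line of id output and reports when the effective user differs from the real one. The function names list_setuid and euid_mismatch are hypothetical; the sample line is the id output shown above.

```shell
#!/bin/sh
# Added example (not from the original write-up): audit helpers for setuid files.
# Function names are hypothetical.

# Print "owner_uid path" for every setuid regular file directly inside a directory.
# Usage: list_setuid /home/someuser
list_setuid() {
    dir=${1:-.}
    find "$dir" -maxdepth 1 -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        # ls -n prints numeric ids; field 3 is the owner's uid
        owner=$(ls -ldn "$f" | awk '{ print $3 }')
        printf '%s %s\n' "$owner" "$f"
    done
}

# Given one line of `id` output, print "real -> effective" when they differ.
# id only prints an euid= field when the effective uid is not the real uid,
# so a line without that field produces no output.
euid_mismatch() {
    printf '%s\n' "$1" | awk '{
        real = ""; eff = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^uid=/)  real = $i
            if ($i ~ /^euid=/) eff  = $i
        }
        sub(/^uid=/, "", real)
        sub(/^euid=/, "", eff)
        if (eff != "" && eff != real) print real " -> " eff
    }'
}

# The id output from this level, copied from the session above
sample='uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) groups=11019(bandit19)'
euid_mismatch "$sample"
```

A setuid file whose owner uid differs from the account that can execute it is exactly the situation in this level: every command started through it runs with the owner's effective uid.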

Author: Lukasz Milek